[Openvpn-users] OpenVPN on SuSE 8.0

Hi!
Since SuSE uses slight different standards (for /etc/init.d etc), I
created a RPM for openvpn that will work on SuSE 8.0 like a charm.
Those two RPMs are needed:
http://www.baschny.de/linux/SuSE-8.0/RPMS/liblzo-1.08-6.i386.rpmhttp://www.baschny.de/linux/SuSE-8.0/RPMS/openvpn-1.3.1-11.i386.rpm
(none of these are included in SuSE 8.0's distribution).
The src.rpm can be found here:
http://www.baschny.de/linux/SuSE-8.0/SRPMS/liblzo-1.08-6.src.rpmhttp://www.baschny.de/linux/SuSE-8.0/SRPMS/openvpn-1.3.1-11.src.rpm
If you care to use SuSEfirewall2, here are some tips with which I made
it work with OpenVPN:
In file /etc/sysconfig/SuSEfirewall2:
FW_DEV_INT
add "tun0" and other tunnel devices here
FW_SERVICES_EXT_UDP
add "5000" or whatever port your remote party connects to
FW_ALLOW_INCOMING_HIGHPORTS_UDP
add "5000" here too
FW_FORWARD
add these three rules here:
<remote-tunnel-ip>/32,<local-network>/<cidr>
<local-LAN>/<cidr>,<remote-tunnel-ip>/32
<local-LAN>/<cidr>,<remote-LAN>/<cidr>
(this to allow connections to and from the remote tunnel to the
local LAN and between both LANs).
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
also add this line here
In file /etc/sysconfig/scripts/SuSEfirewall2-custom:
Add the following in the proc fw_custom_before_denyall:
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
Just call /sbin/SuSEfirewall2 when the tunnel is up (else it will not
find "tun0" interface :( ), maybe in your <tunnel>.up file.
I am not 100% sure if all of this is needed, since a lot of experimenting
went by until it worked. If you find out that one or two of these things
are not needed, just let us know!!
--
Ernesto Baschny <ernst@xxxxxxxxxx>
http://www.baschny.de - PGP: http://www.baschny.de/pgp.txt
Sao Paulo/Brasil - Stuttgart/Germany
Ernst@IRCnet - ICQ# 2955403
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users